Upstream information

CVE-2015-7384 at MITRE

Description

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 5 5.4
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P AV:N/AC:H/Au:N/C:N/I:N/A:C
Access Vector Network Network
Access Complexity Low High
Authentication None None
Confidentiality Impact None None
Integrity Impact None None
Availability Impact Partial Complete
SUSE Bugzilla entry: 948602 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Web Scripting 15
  • nodejs8 >= 8.11.1-1.19
  • nodejs8-devel >= 8.11.1-1.19
  • nodejs8-docs >= 8.11.1-1.19
  • npm8 >= 8.11.1-1.19
Patchnames:
SUSE Linux Enterprise Module for Web Scripting 15 GA nodejs8
openSUSE 13.1
  • nodejs >= 4.2.1-4.1
  • nodejs-debuginfo >= 4.2.1-4.1
  • nodejs-debugsource >= 4.2.1-4.1
  • nodejs-devel >= 4.2.1-4.1
  • nodejs-doc >= 4.2.1-4.1
Patchnames:
openSUSE-2015-680
openSUSE Leap 42.1
  • nodejs >= 4.2.1-10.1
  • nodejs-debuginfo >= 4.2.1-10.1
  • nodejs-debugsource >= 4.2.1-10.1
  • nodejs-devel >= 4.2.1-10.1
  • nodejs-doc >= 4.2.1-4.1
  • nodejs-docs >= 4.2.1-10.1
  • nodejs-npm >= 4.2.1-10.1
Patchnames:
openSUSE-2015-680